<?php  
    require_once("form-files-directory/gbcf_config.php");
//print_r($_POST);
// Posted variables
     $name = $_POST['name'];           
     $email = $_POST['email'];         
     $reason = $_POST['reason'];       
     $message = $_POST['message'];     
     $gbcc = @$_POST['gbcc'];
     $ltd = date("l, F jS, Y \\a\\t g:i a", time()+$time_offset*60*60);
     $ip = getenv("REMOTE_ADDR");
     $hr = getenv("HTTP_REFERER");
     $hst = gethostbyaddr( $_SERVER['REMOTE_ADDR'] );
     $ua = $_SERVER['HTTP_USER_AGENT'];

// Strip slashes, html, php, binary, and scrub posted vars
     $name = stripslashes(strip_tags(trim($name)));
     $email = stripslashes(strip_tags(trim(strtolower($email))));
     $url = stripslashes(strip_tags(trim($url)));
     $reason = stripslashes(strip_tags(trim($reason)));
     $message = stripslashes(strip_tags(trim($message)));
     $ltd = stripslashes(strip_tags(trim($ltd)));
     $ip = stripslashes(strip_tags(trim($ip)));
     $hr = stripslashes(strip_tags(trim($hr)));
     $hst = stripslashes(strip_tags(trim($hst)));
     $ua = stripslashes(strip_tags(trim($ua)));

// Email header
     $gb_email_header = "From: $email\n"."Reply-To: $email\n"."MIME-Version: 1.0\n"."Content-type: text/plain; charset=\"ISO-8859-1\"\n"."Content-transfer-encoding: quoted-printable\n\n"; 

// Strip more html, php, and binary, then scrub 
     $gb_email_header = stripslashes(strip_tags(trim($gb_email_header)));

// Identify exploits
     $head_expl = "/(bcc:|cc:|document.cookie|onclick|onload)/i";
     $inpt_expl = "/(content-type|bcc:|cc:|document.cookie|onclick|onload)/i";

// Modify referrer to counter bogus www/no.www mismatch errors
     $form_location = strtolower(trim(rtrim(str_replace(array("http", "www", "&", "/", "#", "\\", ":", "%", "|", "^", ";", "@", "?", "+", "$", ".", "~", "-", "=", "_", " ",), '', $form_location)))); 
     $new_referrer = strtolower(trim(rtrim(str_replace(array("http", "www", "&", "/", "#", "\\", ":", "%", "|", "^", ";", "@", "?", "+", "$", ".", "~", "-", "=", "_", " ",), '', $_SERVER['HTTP_REFERER'])))); 

// Carbon Copy request negotiation
if($gbcc == "gbcc") {
     $gb_cc = ", $email";
     $cc_notify1 = "".$x_or_h_br."<small>(A carbon copy has also been sent to this address.)</small>";
     $cc_notify2 = "(Copy sent)";
     $cc_notify3 = "";
} else {
     $gb_cc = "";
     $cc_notify1 = ""; 
     $cc_notify2 = ""; 
     $cc_notify3 = "";
} 

// Required fields need stuffing or get an error showing fields needed
if(!isset($name,$email,$reason,$message) || empty($name) || empty($reason) || empty($message) ){
     print('<p><span class="error">Required Field(s) Missed:</span> The following &#8220;Required&#8221; fields were not filled in. Using your &#8220;Back&#8221; button, please go back and fill in all required fields.</p>'."\n");
     echo('      <dl>'."\n");
     echo('       <dt>Empty Field(s):</dt>'."\n");
if(empty($name)) { 
     echo('        <dd>&#8220;Enter your full name&#8221;</dd>'."\n"); 
}
if(empty($email)) { 
     echo('        <dd>&#8220;Enter your email address&#8221;</dd>'."\n"); 
}
if(empty($reason)) { 
     echo('        <dd>&#8220;Select a contact reason&#8221;</dd>'."\n"); 
}
if(empty($message)) { 
     echo('        <dd>&#8220;Enter your message&#8221;</dd>'."\n"); 
}
     echo('      </dl>'."\n");
} else {
$error = 0;
$errorMsg = '';
// Email again as it can error two ways - It can be empty
if(!isset($email) || empty($email)) {
     echo('   <h'.$gb_heading.' class="formhead" id="results">Results: <span class="error">'.$error_heading.'</span></h'.$gb_heading.'>
     <p><span class="error">Required Field(s) Missed:</span> The following &#8220;Required&#8221; fields were not filled in. </p>
      <dl>
       <dt>Empty Field(s):</dt>
        <dd>&#8220;Enter your email address&#8221;</dd>
     </dl>'."\n");

// Or the email doesn't seem to be properly formed or has illegal email characters
} else if(!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})", "$email")) {
		$error = 1;
     $errorMsg .=('   <h'.$gb_heading.' class="formhead" id="results">Results: <span class="error">'.$error_heading.'</span></h'.$gb_heading.'>
     <p><span class="error">Invalid Email Address:</span> The email address you have submitted seems to be invalid. </p>'."\n");
// Input length error tripping
} else if(strlen($name) > 40 || strlen($email) > 40 || strlen($phone) > 30 || strlen($url) > 60 || strlen($gbcc) > 4) {
			$error = 1;
       $errorMsg .=('   <h'.$gb_heading.' class="formhead" id="results">Results: <span class="error">'.$error_heading.'</span></h'.$gb_heading.'>
     <p><span class="error">Input Maxlength Violation:</span> Certain inputs have been populated beyond that which is allowed by the form. Therefore you must be trying to post remotely and are probably a spambot. Go away!</p>'."\n");

// Contact reason validation
} else if(!in_array($reason, $gb_options)) { 
			$error = 1;
       $errorMsg .=('   <h'.$gb_heading.' class="formhead" id="results">Results: <span class="error">'.$error_heading.'</span></h'.$gb_heading.'>
     <p><span class="error">Contact Reason Violation:</span> You have tried to post a &#8220;Contact Reason&#8221; which doesn&#8217;t exist in '.$my_or_our.' menu. Therefore you must be trying to post remotely and are probably a spambot. Go away!</p>'."\n");

// Check the IP black list
} else if(in_array($ip, $ip_blacklist)) { 
			$error = 1;
       $errorMsg .=('   <h'.$gb_heading.' class="formhead" id="results">Results: <span class="error">'.$error_heading.'</span></h'.$gb_heading.'>
     <p><span class="error">Blacklisted IP Address:</span> Sorry, but your IP address has been blocked. Perhaps you have abused your form submission privileges in the past. If you&#8217;ve sent spam to '.$email.' in the past, this could be the reason.</p>'."\n");

// Form value confirmation
// Let match the referrer to ensure it's sent from here and not elsewhere
// Finally, my long version of Jem's exploit killer
} else if(preg_match($head_expl, $gb_email_header) || preg_match($inpt_expl, $name) || preg_match($inpt_expl, $email) || preg_match($inpt_expl, $phone) || preg_match($inpt_expl, $url) || preg_match($inpt_expl, $message)) {
			$error = 1;
     $errorMsg .=('   <h'.$gb_heading.' class="formhead" id="results">Results: <span class="error">'.$error_heading.'</span></h'.$gb_heading.'>
     <p><span class="error">Injection Exploit Detected:</span> It seems that you&#8217;re possibly trying to apply a header or input injection exploit in '.$my_or_our.' form. If you are, please stop at once! If not, using your &#8220;Back&#8221; button, please go back and check to make sure you haven&#8217;t entered <strong>content-type</strong>, <strong>bcc:</strong>, <strong>cc:</strong>, <strong>document.cookie</strong>, <strong>onclick</strong>, or <strong>onload</strong> in any of the form inputs. If you have and you&#8217;re trying to send a legitimate message, for security reasons, please find another way of communicating these terms.</p>'."\n");

// Holy smokes, looks like all's cool and we can send the message
} else {
     $gb_content = "You are being contacted by $name. \n\n   Email: $email $cc_notify2\n      Reason: $reason\n\nMessage:\n   $message\n\n\n--------------------------\n";
     $gb_ccmail = "Hello $name,\n\nThis is a copy of the email you sent to $gb_website_name. If appropriate to your message, you should receive to response quickly. You successfully sent the following information:\n\n   Email: $email $cc_notify3\n   Phone: $phone\n   Website: $url\n   Reason: $reason\n\nMessage:\n   $message\n\n\n--------------------------\nOther Data and Information:\n   Time Stamp: $ltd\n\n";

// Remove tags and slashes from content-including header then trim it again
     $gb_content = stripslashes(strip_tags(trim($gb_content)));
     $gb_ccmail = stripslashes(strip_tags(trim($gb_ccmail)));

// The mail function helps, let's send this stuff
     @mail("$gb_email_address", "[$gb_website_name] Contact from $name", $gb_content, $gb_email_header);

if($gb_cc !== "") {
     @mail("$gb_cc", "[Copy] Email sent to $gb_website_name", $gb_ccmail, $gb_email_header);
}
// And let's inform the user and show them what they sent
     $errorMsg .=('
    <p>You have successfully sent a message to '.$gb_contact_name.'.</p> 
    '."\n");
  }
 }
 
echo $errorMsg.'<br><br>$$$'.$error;
?>